Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:27

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: UT3 Account Memory Saturation !
PostPosted: 22 Jun 2011 23:03 

Joined: 22 Jun 2011 21:16
Posts: 3
Hello all :)

since many time i see to it's possible to "Freeze" or Saturate an Unreal Tournament 3 account (server side)
apparently Epic Game don't configure a protection againest Data Spam on UT3 accound.

In this example The Data sended for Saturate accounts memory
was friend request.

Image

==Send a Friend Request ==
open UT3.exe
-Community
-Friend
-Add a Friend
== ==

For increase the power of attack we have possibility to change the "DefautFriendRequestMessage" value for weigh the Friend Request data

Image
Image

i normal situation we can send only 1 request / 3 sec
but helped to many tools(speedhacking & textspammer) i've get a speed around 3 at 3.5 kbps

Image

So After two hour of waiting and ~ 20 Mo of Data Sended The Account Memory was completly satured
That result to denial of Connection between the current account and the Principals UT3 Servers (69.10.30.241 & 69.10.30.242)
and a total impossibility to joint a server (as cracked) and restricted access to community section !
so accound become unusable.

i Create an UT3 account and do an attack againest it ...
Great Result ! look it ----> (UT3 Login: EpsoI ; UT3 Pass : Pronoxy)

======
======

Now i have a question ...
it's possible to send the "Friend Request Packets" on TCP protocol More Faslty and out out of UT3 Program ?
i upload The Packets sniffed here http://www.mediafire.com/?y1b6m2gfzz266wz

Image

long post , sorry about that

Erenox


Last edited by Erenox on 23 Jun 2011 21:09, edited 3 times in total.

Top
 Profile  
 
 
 Post subject: Re: UT3 Accound Memory Saturation !
PostPosted: 23 Jun 2011 18:17 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the port 29900 is the one used by the Gamespy server (gpcm.gamespy.com which is used just to handle players accounts.

but are you sure that the player targetted by this type of flood/spam will have real problems?
and what effects exactly?
impossibility to login?

anyway to be exact the problem isn't in Epic stuff but in Gamespy.
I can't help you with the tests because I don't touch centralized servers (only stuff I own) but I guess that would be enough to add the sending of the packet in loop in my gslogincheck tool under the "Your account IS valid" command to being able to do what you have in mind.

P.S.: the word is "account", not "accound" :)


Top
 Profile  
 
 Post subject: Re: UT3 Accound Memory Saturation !
PostPosted: 23 Jun 2011 18:30 

Joined: 22 Jun 2011 21:16
Posts: 3
Ok , first post edited , sorry for my bad english.

no the principal problem was not in login in UT3 account ; but it's totaly impossible to play on a multiplay server !

for example if you try to connect on a multiplay server, after 15 at 20 sec of loading you receved a nice message as "connection fail"
and it's same for all server in all mode.
for resume, log in is possible , but use it for play or send message isen't.

====
===
==
=

Ps : is possible to totally blocking an local account with Buffer overflow too

try it

Login:Pronoxy
pass:phenix

that result of impossibility to log in and UT3 crash!!!


Top
 Profile  
 
 Post subject: Re: UT3 Accound Memory Saturation !
PostPosted: 23 Jun 2011 20:09 

Joined: 22 Jun 2011 21:16
Posts: 3
aluigi wrote:
but are you sure that the player targetted by this type of flood/spam will have real problems?
and what effects exactly?
impossibility to login?

http://www.youtube.com/watch?v=G2s2E_h4zsU


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: